Lucene search
K

155 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 7:32 p.m.8 views

CVE-2021-27756

"TLS-RSA cipher suites are not disabled in BigFix Compliance up to v2.0.5. If TLS 2.0 and secure ciphers are not enabled then an attacker can passively record traffic and later decrypt it."...

7.5CVSS6.9AI score0.00557EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 8:18 p.m.7 views

CVE-2009-4295

Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA private key for the firmware on each Sun Ray 1, 1g, 100, and 150 DTU device, which makes it easier for remote attackers to obtain sensitive information by predicting a key and then using it to decrypt sniffed network traffic...

7.8CVSS6.6AI score0.01426EPSS
Exploits0References1
CNVD
CNVD
added 2025/05/14 12:0 a.m.2 views

Tenda RX2 Pro Security Bypass Vulnerability

Tenda RX2 Pro is a high performance WiFi 6 signal amplifier from Tenda China. A security bypass vulnerability exists in Tenda RX2 Pro version 16.03.30.14, which can be exploited by an attacker to cause decryption, replay, or spoofing of traffic...

7.3CVSS7.1AI score0.00197EPSS
Exploits1References1
CNVD
CNVD
added 2025/05/14 12:0 a.m.3 views

Tenda RX2 Pro Information Disclosure Vulnerability

Tenda RX2 Pro is a high performance WiFi 6 signal amplifier from Tenda China. The Tenda RX2 Pro suffers from an information disclosure vulnerability that originates from the explicit transmission of sensitive information in the web management portal, which can be exploited by an attacker to decry...

8.2CVSS6.5AI score0.00229EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/05/01 12:0 a.m.6 views

PT-2025-18700 · Tenda · Tenda Rx2 Pro

Name of the Vulnerable Software and Affected Versions: Tenda RX2 Pro version 16.03.30.14 Description: The issue concerns the reuse of a static AES key and initialization vector for encrypted traffic to the 'ate' management service. This allows an attacker to decrypt, replay, and/or forge traffic ...

8.8CVSS6.1AI score0.0083EPSS
Exploits1References6
CVE
CVE
added 2025/05/01 12:0 a.m.67 views

CVE-2025-46626

The CVE-2025-46626 entry concerns the Tenda RX2 Pro (firmware 16.03.30.14). The root cause is the reuse of a static AES key and initialization vector for encrypted traffic to the device’s ‘ate’ management service, enabling an attacker to decrypt, replay, and forge traffic targeting that service. ...

7.3CVSS6.6AI score0.0083EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2025/05/01 12:0 a.m.4 views

Tenda RX2 Pro 安全漏洞

Tenda RX2 Pro is a high performance WiFi 6 signal amplifier from Tenda China. The Tenda RX2 Pro suffers from an information disclosure vulnerability that originates from the explicit transmission of sensitive information in the web management portal, which can be exploited by an attacker to decry...

8.2CVSS6.3AI score0.00229EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/05/01 12:0 a.m.11 views

CVE-2025-46633

Cleartext transmission of sensitive information in the web management portal of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt traffic between the client and server by collecting the symmetric AES key from collected and/or observed traffic. The AES key in sent in cleartext in respons...

0.00229EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/05/01 12:0 a.m.6 views

CVE-2025-46626

Reuse of a static AES key and initialization vector for encrypted traffic to the 'ate' management service of the Tenda RX2 Pro 16.03.30.14 allows an attacker to decrypt, replay, and/or forge traffic to the service...

7.1AI score0.0083EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/02/05 5:52 p.m.16 views

CVE-2019-5137

The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13...

7.5CVSS6.8AI score0.02304EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/01/06 12:0 a.m.6 views

OpenVPN Connect 安全漏洞

OpenVPN Connect is a VPN Virtual Private Network client application from OpenVPN USA. A security vulnerability exists in OpenVPN Connect versions prior to 3.5.0, which stems from a plaintext private key in the configuration file being recorded in the application logs, which can be used by...

7.5CVSS8.6AI score0.00535EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2024/04/22 12:0 a.m.5 views

The vulnerability of the PAN-OS operating system, related to the occurrence of interpretation conflicts, allows attackers to disrupt the decoding process of traffic.

The vulnerability of the PAN-OS operating system is related to the occurrence of interpretation conflicts. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disrupt the traffic decryption process...

5.3CVSS5.9AI score0.00436EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2024/04/10 5:6 p.m.91 views

CVE-2024-3386

CVE-2024-3386 : In Palo Alto Networks PAN-OS, an incorrect string comparison prevents Predefined Decryption Exclusions from functioning as intended, causing traffic destined for domains not listed in the exclusions to be unintentionally excluded from decryption. The vulnerability affects PAN-OS s...

5.3CVSS6.7AI score0.00436EPSS
Exploits0References1Affected Software1
Schneier on Security
Schneier on Security
added 2023/10/27 11:1 a.m.19 views

Messaging Service Wiretap Discovered through Expired TLS Cert

Fascinating story of a covert wiretap that was discovered because of an expired TLS certificate: The suspected man-in-the-middle attack was identified when the administrator of jabber.ru, the largest Russian XMPP service, received a notification that one of the servers’ certificates had expired...

6.7AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2023/06/09 7:15 a.m.3 views

CVE-2023-34363

An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. When using Oracle Advanced Security OAS encryption, if an error is encountered initializing the encryption object used to encrypt data, the code falls back to a different encryption mechanism that uses a...

5.9CVSS5.8AI score0.00327EPSS
Exploits0References3
OSV
OSV
added 2023/06/09 7:15 a.m.5 views

CVE-2023-34363

An issue was discovered in Progress DataDirect Connect for ODBC before 08.02.2770 for Oracle. When using Oracle Advanced Security OAS encryption, if an error is encountered initializing the encryption object used to encrypt data, the code falls back to a different encryption mechanism that uses a...

5.9CVSS5.8AI score0.00327EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/06/09 12:0 a.m.11 views

Progress Software DataDirect Connect 安全特征问题漏洞

Progress Software DataDirect Connect is a data connectivity solution from Progress Software, Inc. that can run in the cloud or locally. A security vulnerability previously existed in Progress Software DataDirect Connect version 08.02.2770, which arose when using Oracle Advanced Security OAS...

5.9CVSS6.1AI score0.00327EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/06/08 12:0 a.m.4 views

PT-2023-24839 · Progress · Progress Datadirect Connect For Odbc

Name of the Vulnerable Software and Affected Versions: Progress DataDirect Connect for ODBC versions prior to 08.02.2770 for Oracle Description: An issue was discovered when using Oracle Advanced Security OAS encryption. If an error occurs while initializing the encryption object, the code falls...

5.9CVSS7.1AI score0.00327EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2023/05/24 6:15 p.m.5 views

CVE-2023-33982

Bramble Handshake Protocol BHP in Briar before 1.5.3 is not forward secure: eavesdroppers can decrypt network traffic between two accounts if they later compromise both accounts. NOTE: the eavesdropping is typically impractical because BHP runs over an encrypted session that uses the Tor hidden...

5.9CVSS6.2AI score0.00461EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/05/24 12:0 a.m.7 views

PT-2023-24616 · Briar · Briar

Name of the Vulnerable Software and Affected Versions: Briar versions prior to 1.5.3 Description: The issue affects the Bramble Handshake Protocol BHP in Briar, allowing eavesdroppers to decrypt network traffic between two accounts if they later compromise both accounts. However, the eavesdroppin...

5.9CVSS6.9AI score0.00461EPSS
Exploits1References6
Rows per page
Query Builder